SSL connection to Mysql DB

grondin jeremie 2 years ago 0

Hello,

After a lot of research, I can't find anything that's really working about this topic.

I found this: https://glpi.userecho.com/communities/1/topics/824-ssl-connection-to-mysql-db and this: https://github.com/glpi-project/glpi/pull/5892 among other links, and there's this precision in the installation instructions:

"

SSL connection to database

New in version 9.5.0.

Once installation is done, you can update the config/config_db.php to define SSL connection parameters. Available parameters correspond to parameters used by mysqli::ssl_set():

  • $dbssl defines if connection should use SSL (false per default)
  • $dbsslkey path name to the key file (null per default)
  • $dbsslcert path name to the certificate file (null per default)
  • $dbsslca path name to the certificate authority file (null per default)
  • $dbsslcapath pathname to a directory that contains trusted SSL CA certificates in PEM format (null per default)
  • $dbsslcacipher list of allowable ciphers to use for SSL encryption (null per default)

"

However, it doesn't work in my case and I can't for the life of me find out why. I have the following errors with the params supplied:

[Thu Apr 20 13:18:20.433141 2023] [php:warn] [pid 26913] [client XXXXX:50904] PHP Warning: mysqli::real_connect(): SSL operation failed with code 1. OpenSSL Error messages:\nerror:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /var/www/html/glpi/src/DBmysql.php on line 253, referer: http://XXXXX/glpi/front/central.php
[Thu Apr 20 13:18:20.433320 2023] [php:warn] [pid 26913] [client XXXXX:50904] PHP Warning: mysqli::real_connect(): Cannot connect to MySQL by using SSL in /var/www/html/glpi/src/DBmysql.php on line 253, referer: http://XXXXX/glpi/front/central.php
[Thu Apr 20 13:18:20.433409 2023] [php:warn] [pid 26913] [client XXXXX:50904] PHP Warning: mysqli::real_connect(): (HY000/2002): (trying to connect via (null)) in /var/www/html/glpi/src/DBmysql.php on line 253, referer: http://XXXXX/glpi/front/central.php

However, a simple php code works with SSL on this same machine so no networking problem or cert problem or username/passwd problem:

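<?php
// Initialise a handle so the TLS options can be set before connecting.
$conn = mysqli_init();
// Arguments after $conn: key, cert, CA file, CA directory, cipher list.
mysqli_ssl_set($conn, NULL, NULL, "/var/www/html/glpi/config/CertName.crt.pem", NULL, NULL);
// 3306 (the MySQL default) stands in for the original "Port" placeholder.
mysqli_real_connect($conn, 'ServerName', 'Username', 'password', 'DBname', 3306, MYSQLI_CLIENT_SSL);
if (mysqli_connect_errno()) {
    die('Failed to connect to MySQL: ' . mysqli_connect_error());
}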


Can anyone tell me IF it really works, and if there's an example somewhere of someone that managed to make it work for real? I couldn't find any.

Thanks in advance.
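
A diagnostic sketch for the situation described in the post above, added here as an example; it is not part of the original post and not GLPI's own code. It takes the five file and cipher settings under the names the quoted documentation uses, checks them, and connects with certificate verification left on. Host, credentials, port and the CA path are placeholders reused from the post.

```php
<?php
// Added example, not GLPI code. All connection values are constructed placeholders.
$host = 'ServerName'; $user = 'Username'; $pass = 'password'; $db = 'DBname';
$port = 3306; // assumption: MySQL default port

// Same names and order as the quoted documentation, which is also the
// argument order of mysqli::ssl_set(key, cert, ca, capath, cipher).
$ssl = [
    'dbsslkey'      => null,
    'dbsslcert'     => null,
    'dbsslca'       => '/var/www/html/glpi/config/CertName.crt.pem',
    'dbsslcapath'   => null,
    'dbsslcacipher' => null,
];

// 1. Every configured file must be readable by the account PHP runs as.
//    Run this through the web server, not only the CLI, to test that account.
foreach (['dbsslkey', 'dbsslcert', 'dbsslca'] as $name) {
    if ($ssl[$name] !== null && !is_readable($ssl[$name])) {
        exit("$name: {$ssl[$name]} is not readable by this PHP process\n");
    }
}

// 2. The CA file must parse as an X.509 certificate; print subject and expiry
//    so they can be compared with the issuer of the server's certificate.
if ($ssl['dbsslca'] !== null) {
    $ca = openssl_x509_parse(file_get_contents($ssl['dbsslca']));
    if ($ca === false) {
        exit("dbsslca is not a PEM certificate\n");
    }
    echo 'CA subject: ', json_encode($ca['subject']), "\n";
    echo 'CA expires: ', date('c', $ca['validTo_time_t']), "\n";
}

// 3. Connect with exactly these settings, keeping certificate verification on.
mysqli_report(MYSQLI_REPORT_OFF); // return false instead of throwing on failure
$conn = mysqli_init();
$conn->ssl_set(...array_values($ssl));
if (!@$conn->real_connect($host, $user, $pass, $db, $port, null, MYSQLI_CLIENT_SSL)) {
    exit('Connect failed: ' . mysqli_connect_error() . "\n");
}

// 4. Confirm the session is encrypted: Ssl_cipher is empty on a plaintext connection.
$row = $conn->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch_assoc();
echo 'Negotiated cipher: ', $row['Value'] !== '' ? $row['Value'] : '(none, not encrypted)', "\n";
```

If this succeeds with a given set of values, the same values placed in config/config_db.php under the same names are a known-good baseline to compare against the failing configuration.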